Mail.app - secure IMAP - Home Brewed Certificate
Fresh-Faced Recruit
Join Date: Oct 2003
Location: Washington, DC
Status:
Offline
Hello,
This isn't a bug, but a new feature that needs to be addressed for those connecting via an SSL-encrypted connection to an IMAP server that uses a home brewed certificate using Mail.app.
Mail.app in previous releases did not complain about mail servers with SSL certificates from unknown CAs, but does in Panther.
I have tried adding the certificate for the CA into the X509Anchors keychains -- this process works for allowing Safari to trust SSL certificates issued by that CA. However, Mail.app does not seem to use the same keychain.
I noticed that in Panther there is another keychain in /System/Library/Keychains: X509Certificates, and I tried adding the CA's certificate to that keychain also, but Mail.app still complained.
I also tried specifying for this CA cert that it should always be trusted (as opposed to using the system defaults), and Mail.app still complained.
By the way, when Mail.app complains, it asks you whether you want to cancel or continue. Continuing apparently does not have it connect and pick up messages.
Any direction anyone can provide would be most appreciated.
Thanks!!
Fresh-Faced Recruit
Join Date: Jul 2003
Location: NC, USA
Status:
Offline
Senior User
Join Date: Dec 2002
Location: Portland, OR
Status:
Offline
I would also like to know if there is some way to make this work. In the earlier dev builds the dialog box that asks you to continue had a tick box for "don't ask anymore" but it didn't work (it would still ask every time.) In the last couple of builds the tick-box disappeared.
I get the feeling this is one of many features that Apple left out in order to get Panther released in October. Hopefully it will return in a later point release as I don't want to have to start spending $150/year for an SSL cert for my private email server (that's assuming that Equifax is on their trusted CA list..)
Edit: ha, typed too slow. This post was on page 2 so I didn't expect someone else to be in the middle of replying.
Edit again: ahah, that's why the tickbox disappeared, my cert was expired. So I guess that's a feature, not a bug.
Senior User
Join Date: Sep 2000
Location: In a maze of twisty tunnels all alike
Status:
Offline
Has anyone been able to make this work? As soon as I click on the certificate icon in the window I get a weird floating icon that I can't do anything with. Worse, it stops Mail from doing anything.
I am stuck with having to click continue every time I log in.
Senior User
Join Date: Dec 2002
Location: Portland, OR
Status:
Offline
Originally posted by MickS:
Has anyone been able to make this work? As soon as I click on the certificate icon in the window I get a weird floating icon that I can't do anything with. Worse, it stops Mail from doing anything.
I am stuck with having to click continue every time I log in.
Try the workaround mentioned in this thread on Slashdot:
I haven't tried it because I haven't felt like creating a new cert that isn't expired, yet.
Senior User
Join Date: Sep 2000
Location: In a maze of twisty tunnels all alike
Status:
Offline
I managed to get the cert in, then found out that I was using an old cert that didn't match the hostname I was connecting to.
I've now generated a new certificate and everything works.
Fresh-Faced Recruit
Join Date: Sep 2003
Location: Helsinki, Finland
Status:
Offline
Originally posted by MickS:
I managed to get the cert in, then found out that I was using an old cert that didn't match the hostname I was connecting to.
How did you get the cert in? My Mail gets stuck every time I try to move the icon.
Senior User
Join Date: Sep 2000
Location: In a maze of twisty tunnels all alike
Status:
Offline
Originally posted by qvr:
How did you get the cert in? My Mail gets stuck every time I try to move the icon.
Perseverance. I kept force quitting Mail and retrying until I got it onto the desktop (Option-click).
Fresh-Faced Recruit
Join Date: Oct 2003
Location: Washington, DC
Status:
Offline
Originally posted by khemani:
Mail.app in previous releases did not complain about mail servers with SSL certificates from unknown CAs, but does in Panther.
I have tried adding the certificate for the CA into the X509Anchors keychains -- this process works for allowing Safari to trust SSL certificates issued by that CA. However, Mail.app does not seem to use the same keychain.
(snipped)
Actually, this solution does work. Just a brain fart on my part -- I was adding the wrong certificate. Sorry for the confusion.
Thanks,
Yash
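
The three causes posters in this thread ended up finding (an expired certificate, a certificate that did not match the hostname, and the wrong CA certificate added as the anchor) can each be checked with the `openssl` command line before a certificate goes into a keychain. The script below is an added example, not something posted in the thread; the function names `check_cert` and `make_sample`, the certificate subjects and the `example.test` host names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Subjects and host names are constructed.

# check_cert CA_PEM CERT_PEM HOST [WINDOW_SECONDS]
# Prints the first failing check, or "ok"; returns non-zero on failure.
check_cert() {
    ca=$1; cert=$2; host=$3; window=${4:-0}
    # Expired, or expiring within WINDOW seconds.
    openssl x509 -in "$cert" -noout -checkend "$window" >/dev/null 2>&1 ||
        { echo expired; return 1; }
    # Does the CA certificate you are about to trust actually verify this cert?
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo wrong-ca; return 1; }
    # Does the cert name the host the mail client is configured to connect to?
    openssl x509 -in "$cert" -noout -checkhost "$host" 2>&1 |
        grep -q 'does match certificate' || { echo host-mismatch; return 1; }
    echo ok
}

# make_sample DIR: constructed home CA, an unrelated CA, and a 1-day server
# certificate for mail.example.test signed by the home CA.
make_sample() {
    d=$1
    for n in home other; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
            -subj "/CN=Constructed $n CA" \
            -keyout "$d/$n.key" -out "$d/$n.pem" 2>/dev/null || return 1
    done
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=mail.example.test" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/srv.csr" -CA "$d/home.pem" -CAkey "$d/home.key" \
        -CAcreateserial -days 1 -out "$d/srv.pem" 2>/dev/null
}

demo=$(mktemp -d) && make_sample "$demo" || exit 1
check_cert "$demo/home.pem"  "$demo/srv.pem" mail.example.test        || true  # ok
check_cert "$demo/other.pem" "$demo/srv.pem" mail.example.test        || true  # wrong-ca
check_cert "$demo/home.pem"  "$demo/srv.pem" imap.example.test        || true  # host-mismatch
check_cert "$demo/home.pem"  "$demo/srv.pem" mail.example.test 604800 || true  # expired
rm -rf "$demo"
```

For a real server, pass the CA certificate you intend to add as the trusted anchor, the server's certificate in PEM form, and the exact host name entered in the mail account settings.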